[Snort-users] Snort Archive Database Creation Script

Paul Schmehl pauls at ...6838...
Fri Jul 30 23:43:04 EDT 2004


--On Friday, July 30, 2004 5:52 PM -0700 Charles Heselton 
<charles.heselton at ...11827...> wrote:

> Hi all.  Don't know if this question has been asked before.  I wasn't
> able to find too much on google or the list archive.
>
> I would like to be able to archive events picked up by my snort IDSs.
> Now, I know that ACID has this functionality.  But I also know that
> you have to have the database backend.  Does anyone know if 1) the DB
> setup script that comes with the snort package will work for the
> "snort-archive" db?

Yes, it will, but first you have to create the database.

> or 2) if there's a snort-archive db setup script
> that I missed in the package?

No, there is not.

> or 3) is there a 3-rd party script some
> where out there in userland?

There could be, but I'm not aware of one.

>  I'm not the most savvy mysql DBA, so it
> would be non-trivial for me to try to set up the db myself.
>

Then you're going to have to start reading.  Mysql.com has very good 
documentation, or you can buy a book on MySQL.

To create a database, you log in to mysql:

% mysql -u root -p (you'll be prompted for the password)

Once you've logged in successfully, you'll need to create the database:

mysql > create database snort_archive; (or whatever you want to name it)

Then you have to grant rights to the database to the user that will be 
logging in:

mysql > grant select,insert,create,delete on snort_archive.* to 
user at ...274...;

Then exit:

mysql > quit;

Then you can create the tables for the database like this:

% mysql -u root -p snort_archive < /path/to/create_mysql

The create_mysql script comes with the snort distribution.
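The same procedure as a script, added here as an example that is not part of the original reply or of the Snort distribution. It creates the archive database, a dedicated account that holds only the privileges listed above (select, insert, create, delete on that one database, bound to a single host), and then loads Snort's create_mysql schema. The database name, user name, host, password and the path to create_mysql are assumptions supplied as placeholders; CREATE USER IF NOT EXISTS is assumed to be available (MySQL 5.7.6 or later):

```shell
#!/bin/sh
# Added example (not from the original post or the Snort project):
# set up a separate Snort archive database with a least-privilege user
# and load the create_mysql schema shipped with Snort.
set -eu

ARCHIVE_DB="${ARCHIVE_DB:-snort_archive}"               # assumed database name
ARCHIVE_USER="${ARCHIVE_USER:-snort_archive_user}"      # assumed account name
ARCHIVE_HOST="${ARCHIVE_HOST:-localhost}"               # grant applies to this host only
ARCHIVE_PASS="${ARCHIVE_PASS:-CHANGE_ME}"               # placeholder; supply via environment
SCHEMA="${SCHEMA:-/usr/share/doc/snort/create_mysql}"   # assumed location of Snort's create_mysql

# Emit the SQL that creates the database and the restricted account.
# CREATE USER followed by GRANT (instead of GRANT ... IDENTIFIED BY) works on
# current MySQL releases; the account gets exactly the rights the reply lists,
# no GRANT OPTION and nothing outside the archive database.
archive_db_sql() {
    cat <<EOF
CREATE DATABASE IF NOT EXISTS \`$ARCHIVE_DB\`;
CREATE USER IF NOT EXISTS '$ARCHIVE_USER'@'$ARCHIVE_HOST' IDENTIFIED BY '$ARCHIVE_PASS';
GRANT SELECT, INSERT, CREATE, DELETE ON \`$ARCHIVE_DB\`.* TO '$ARCHIVE_USER'@'$ARCHIVE_HOST';
FLUSH PRIVILEGES;
EOF
}

# Run the setup as the MySQL root user (you are prompted for the root password
# for each mysql invocation), then load the Snort schema into the new database.
setup_archive_db() {
    [ -r "$SCHEMA" ] || { echo "schema file not found: $SCHEMA" >&2; return 1; }
    archive_db_sql | mysql -u root -p
    mysql -u root -p "$ARCHIVE_DB" < "$SCHEMA"
}

# Uncomment to run against a live server:
# setup_archive_db
```

Set ARCHIVE_PASS in the environment rather than editing the script, and keep ARCHIVE_HOST as narrow as the ACID/BASE front end needs; the archive account never requires DROP, ALTER or any global privilege.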

> Any guidance would be appreciated.
>
Hope this helps.

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu